CAS CLI Installation

Installing your own CAS is fairly simple, but it’s discouraged for novices. The possibility of losing your funds is real, if the server should inadvertently be setup incorrectly.

Installation requires some knowledge of:

  • Ubuntu (Linux)

  • SSH

  • File Permissions & Security

  • VPN Communications

CAS installation takes about 20 minutes. Hire a professional to help you if you are uncertain of how to proceed, or if you don’t feel comfortable with typing at the command line.

You’ll need a server with a publicly exposed IP to host your CAS.

Minimum requirements:

  • 1 CPU

  • 8 GB RAM

  • 20 GB HDD (150GB+ recommended)

  • Ubuntu 22.04 LTS Server

  • 1 publicly accessible IP address

  • A valid CAS license key from General Bytes (order here)

RAM is a critical part of seamless operation in this application – “the more, the merrier” when it comes to that component.

We ask you to use Ubuntu 22.04 LTS for the sake of support ease and consistency. Other flavors of Linux may work, but General bytes' products and this guide are focused around known quantities.

Ubuntu LTS versions 20.04 and 22.04 are currently supported.

These installation instructions are based on the images available on Digital Ocean. Images sourced from ISO’s (or other VPS providers) may not work as expected.

 If you choose an alternate OS, you may find yourself handling your own problems without much guidance (if you can even get the software installed & operating)! 

This guide presumes you've installed a bare Ubuntu 22.04 LTS OS, without any additional software aside from perhaps a distribution upgrade. This guide further presumes root access, and sudo may be required (yet omitted) in some examples supplied below. This guide assumes root for all commands. Security is also assumed. You are running a currency exchange and hackers would love to gain access to your funds. Make it difficult for them! Spend some time learning the best practices for your digital security, and implement those practices. So, let's get going. 

First: Login to your server.

You must access your “headless” Ubuntu server using SSH.

Using Linux or Mac, this is rather straightforward. Open a terminal window and SSH into your server:

ssh root@yourserverip

On a Windows machine, you have a couple choices - but none are built-in.

  1. Windows Subsystem for Linux offered by Microsoft for Windows 10 & Windows 11.

  2. PuTTY is a little dated, but still used by millions. Windows implements a CR+LF in it’s text documents, so edit files using Linux/Ubuntu when possible to avoid that issue.

Regardless of what you use, implement SSH keys (on your server) and disable passwords – remember: people want to steal your money! Password authentication usually makes that easier.

You should be looking at a CLI logged in as root on your web server before you proceed further.

  • “sudo” may be required for some commands below (if you’re not logged in as “root”).


Prepare your server

Update your Ubuntu:

Your Ubuntu software is obsolete out-of-the-box. You’ll need to update your installation immediately before proceeding further (and weekly thereafter).

sudo apt update && sudo apt dist-upgrade
  • When asked, “Do you want to continue? [Y/n] y" reply “y”.

  • If asked, “keep the local version currently installed” is the safe answer.

  • Press Enter (when requested) to accept the default answers to any queries (allow the update process to do whatever it suggests). There may be several of these messages.

Adjust your timezone:

Your reports and logs will be based on the current timezone, which is typically UTC (by default). Set your server to the correct timezone to enable accurate reporting.

sudo dpkg-reconfigure tzdata

Enable the UFW Firewall

A firewall should be enabled and active before installing CAS. Malicious actors may setup a bot to watch certain IP ranges. During your installation, that bot may manage to infiltrate your system in the few seconds it is unexposed - so lock it up before you go any further installing CAS.

Here’s how:

https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/954728558/Configuring+Server+Firewalls#Option-1%3A-Configure-UFW

Reboot your server:

  • You’ll automatically be disconnected from your server.

  • Login again after a couple of minutes (before proceeding).


Install the GB APT repository.


Install the CAS installer.

Download and install the CAS installation script to your server:

Add execute permission to the script file:

Start the installation script:

You will be now be asked for your license key again. You cannot proceed without it.

Enter the key provided by General Bytes and press ENTER.

  • The Ubuntu environment will ALSO be updated in this step.

  • The script will finish after a few minutes and report:

Proceed with:

  • Installation will resume, downloading the requisite software components and report:

Continue:

If you already have SQL installed & configured, use the skip-mysql parameter to proceed without the standard scripted mySQL configuration (e.g. sudo /opt/batm/batm-install configure skip-mysql).

Do not include the skip-mysql parameter unless you have already configured mySQL.

Immediately the script will ask you to create some database credentials.
  • You'll probably be safe using these defaults for these questions, but to avoid being predictable - pick something unique (yet simple).

  • The answers are case-sensitive.

  • These fields must not contain spaces (e.g. “mycas” is permitted, but “my cas” will fail).

  • DO NOT use special characters in the credentials.

The script will then ask you to confirm your public IP address.
  • Typically, you are safe to enter the address that was "auto-detected".

    • In this example, the correct IP address is already listed (138.197.114.157).

  • Verify that YOUR correct public IP address is actually listed (it will be different than this example).

  • If in doubt, use this easy command to identify your public IP: wget -qO - ipv4.icanhazip.com

Finally, complete the last step of CAS software installation:

  • You’ll be asked to enable “telemetry”. In this context, you’re being asked to permit BATM error logs to be automatically sent to the GB servers. “Telemetry” does not imply that GB can access your BATMs remotely to collect this data - this is not (currently) the case. Do not be alarmed.

After answering the “telemetry” question, the version installed will be displayed.

  • This version may not be the latest current version (it is the current stable version).

  • In this example, the installed version IS NOT the latest version, so we should update it next to ensure all possible security updates are applied.


Update your CAS

Follow this guide to install the latest version and/or patch:


Start CAS

The CAS server is now installed, but it must be started. Type:

  • Once all services (Master, Gate & Admin) have started, you’ll be returned to a command prompt.

  • Answer “Y” or “YES” (as appropriate) to create the default configuration files.

Typical startup screen:


Implement the integrated VPN:

Activate the integrated VPN to enable access to CAS. You cannot access CAS unless a VPN is configured and active. Only OpenVPN is supported at this time.

Instructions: VPN Access for CAS Administration

  • The integrated method is recommended as the bare minimum.

  • Server security is your responsibility and any lapse may result in a substantial loss of funds.


The first half of installation (CLI) is now complete.

You’re done with the CLI after the upgrade - and you may exit the terminal (CLI).


You're still not done, though.

You'll need to configure your settings to do sales & purchases.

 Move on to part 2/2 for "first time" instructions setting up the CAS front end.


Copyright © 2020-2024 General Bytes USA LLC